What security threats are caused by an end-user executing a program that infects a system?

24 Mar

The most common types of malware include viruses, keyloggers, worms, trojans, ransomware / crypto-malware, logic bombs, bots/botnets, adware & spyware, and rootkits. You can mitigate or prevent malware attacks by developing security policies, implementing security awareness training, using app-based multi-factor authentication, installing anti-malware & spam filters, changing default operating system policies, and performing routine vulnerability assessments.

It’s important to note that no system is 100% vulnerability-free or “hacker-proof.” If a threat actor has enough time, resources, and manpower to launch an attack, then chances are they will find a way in.

Article Navigation

  • What Is Malware?
  • How Does Malware Infect A Computer Or Network?
  • Common Types Of Malware
  • How To Prevent Malware Attacks

What Is Malware?

Malware, or malicious software, is any piece of software that was written with the intent of doing harm to data, devices or to people.

Systems infected with malware will present with symptoms such as running slower, sending emails without user action, randomly rebooting, or starting unknown processes.

The use of malware to exploit vulnerabilities continues to rise year over year, reaching an all-time high of 812.67 million infected devices in 2018.

How Does Malware Infect A Computer Or Network?

There are a number of methods threat actors utilize to deploy malware into a network or system including social engineering and exploiting vulnerabilities.

Social Engineering

Malware is often deployed through phishing, vishing, or smishing, which are all types of social engineering attacks.

In fact, 92% of malware is delivered by email.

In short, threat actors attempt to retrieve sensitive information by manipulating people into clicking links, downloading attachments, or providing access over the phone.

If successful, the malicious payload is delivered and you can consider yourself breached.

Exploiting Vulnerabilities

One of the easiest ways threat actors break into a system or network is by deploying a series of exploits known to work, such as Kerberoasting.

This is referred to as the “trial and error” approach; however, there is a high degree of technical skill involved in the process.

What does this mean for your business?

You can develop the best policies, scan the network every week, and patch systems daily, but you will never be 100% vulnerability free.

Unless your system is truly stress tested there’s no way for you to determine if the security measures in place are adequate.

Penetration testing is conducted to validate not only the vulnerabilities identified, but to evaluate the implementation of security controls and tools.

Common Types Of Malware

Malware comes in many forms but the most common types are:

  1. Viruses
  2. Keyloggers
  3. Worms
  4. Trojans
  5. Ransomware / Crypto-Malware
  6. Logic Bombs
  7. Bots/Botnets
  8. Adware & Spyware
  9. Rootkits

1. Viruses

A virus is the most common type of malware attack. In order for a virus to infect a system it requires a user to click or copy it to media or a host.

Most viruses self-replicate without the knowledge of the user. These viruses can be spread from one system to another via email, instant messaging, website downloads, removable media (USB), and network connections.

Some file types are more susceptible to virus infections – .doc/docx, .exe, .html, .xls/.xlsx, .zip. Viruses typically remain dormant until they have spread onto a network or a number of devices before delivering the payload.
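The file-type observation above (and the mail-filtering advice later in the article) can be turned into a concrete gateway check. The following is an added example and not code from the article: a small Python triage routine that looks at an attachment's extension, at double extensions such as `invoice.pdf.exe`, and at the file's leading bytes ("magic numbers"), so that an executable renamed to `.docx` is still caught. The sample attachments, the extension lists and the allow/scan/quarantine verdicts are constructed for illustration, not taken from any product.

```python
"""Attachment triage for a mail gateway: flag files whose extension, name or
leading bytes suggest executable content. Added example, not code from the
article; the sample attachments in main() are constructed."""

# Extensions the article names as commonly carrying viruses: worth scanning.
SCAN_EXTENSIONS = {".doc", ".docx", ".html", ".xls", ".xlsx", ".zip"}
# Directly executable types that a gateway normally quarantines outright.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".msi", ".js", ".vbs",
                   ".bat", ".cmd", ".ps1"}

# Leading bytes identify the real container regardless of the file name.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),                          # also .docx/.xlsx (Office Open XML)
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy binary .doc/.xls
]

# Content type that is consistent with a given extension.
EXPECTED_TYPE = {
    ".pdf": "pdf", ".zip": "zip", ".docx": "zip", ".xlsx": "zip",
    ".doc": "ole2", ".xls": "ole2", ".exe": "pe-executable",
}


def detect_type(data: bytes) -> str:
    """Classify content by its magic bytes; 'unknown' if none match."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def triage(filename: str, data: bytes) -> tuple[str, list[str]]:
    """Return ("allow" | "scan" | "quarantine", reasons) for one attachment."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    kind = detect_type(data)
    reasons = []

    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    if len(parts) > 2 and ext in EXEC_EXTENSIONS:
        reasons.append("double extension hides an executable behind a document name")
    if kind == "pe-executable" and ext not in EXEC_EXTENSIONS:
        reasons.append(f"content is a Windows executable but name ends in {ext or '(none)'}")
    expected = EXPECTED_TYPE.get(ext)
    if expected and kind not in (expected, "unknown", "pe-executable"):
        reasons.append(f"content type {kind} does not match extension {ext}")

    if reasons:
        return "quarantine", reasons
    if ext in SCAN_EXTENSIONS:
        return "scan", [f"extension {ext} commonly carries macros or scripts"]
    return "allow", []


if __name__ == "__main__":
    # Constructed sample attachments (name, first bytes of content).
    samples = [
        ("report.pdf", b"%PDF-1.7\n"),
        ("invoice.pdf.exe", b"MZ\x90\x00\x03"),
        ("notes.docx", b"MZ\x90\x00"),
        ("budget.xlsx", b"PK\x03\x04\x14\x00"),
        ("photo.zip", b"%PDF-1.4"),
    ]
    for name, content in samples:
        verdict, why = triage(name, content)
        print(f"{name:18} {verdict:10} {'; '.join(why)}")
```

The magic-byte check is what makes the difference: an extension list alone passes `notes.docx` whose content starts with `MZ`, whereas here it is quarantined because the bytes say "Windows executable" no matter what the name says.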

2. Keyloggers

Keylogging, or keyboard capturing, logs a user’s keystrokes and sends data to the threat actor.

Users are typically unaware that their actions are being monitored.

While there are use cases for employers using keyloggers to track employee activity, they’re mostly used to steal passwords or sensitive data.

Keyloggers can be a physical wire discreetly connected to a peripheral like a keyboard, or installed by a Trojan.

3. Worms

Similar to a virus, a worm can also self-replicate and spread full copies and segments of itself via network connections, email attachments, and instant messages.

Unlike viruses, however, a worm does not require a host program in order to run, self-replicate, and propagate.

Worms are commonly used against email servers, web servers, and database servers.

Once infected, worms spread quickly over the internet and computer networks.

4. Trojan Horses

Trojan horse programs are malware that is disguised as legitimate software.

A Trojan horse program will hide on your computer until it’s called upon.

When activated, Trojans can allow threat actors to spy on you, steal your sensitive data, and gain backdoor access to your system.

Trojans are commonly downloaded through email attachments, website downloads, and instant messages.

Social engineering tactics are typically deployed to trick users into loading and executing Trojans on their systems. Unlike computer viruses and worms, Trojans are not able to self-replicate.

5. Ransomware / Crypto-Malware

Ransomware is a type of malware designed to lock users out of their system or deny access to data until a ransom is paid.

Crypto-Malware is a type of ransomware that encrypts user files and requires payment within a time frame and often through a digital currency like Bitcoin.

6. Logic Bombs

Logic bombs are a type of malware that will only activate when triggered, such as on a specific date/time or on the 25th logon to an account.

Viruses and worms often contain logic bombs to deliver their payload (malicious code) at a pre-defined time or when another condition is met.

The damage caused by logic bombs varies from changing bytes of data to making hard drives unreadable.

Antivirus software can detect the most common types of logic bombs when they’re executed.

However, until they do, logic bombs can lie dormant on a system for weeks, months, or years.

7. Bots/Botnets

A botnet, short for roBOT NETwork, is a group of bots, which are computer systems attached to a network whose security has been compromised.

They are typically controlled remotely.

The Mirai botnet was able to gain control of internet of things (IoT) connected devices like your DVR, home printer, and smart appliances by entering the default username and password that the devices shipped with.

The threat actors deployed a DDoS (distributed denial of service) attack by sending large amounts of data at a website hosting company, causing many popular websites to be taken offline.

8. Adware & Spyware

Adware and Spyware are both unwanted software.

Adware is designed to serve advertisements on screens within a web browser.

It’s usually quietly installed in the background when downloading a program without your knowledge or permission.

While harmless, adware can be annoying for the user.

Spyware, on the other hand, is a type of malware designed to gain access to and damage your computer. It collects a user’s information such as habits, browsing history, and personal identification information.

Attackers then sell your data to advertisers or data firms, capture your bank account information, or steal your personal identity.

Spyware is often downloaded in a software bundle or from file-sharing-sites.

9. Rootkits

Rootkits are backdoor programs that allow a threat actor to maintain command and control over a computer without the user knowing.

This access can potentially result in full control over the targeted system.

The controller can then log files, spy on the owner’s usage, execute files and change system configurations remotely.

While traditionally deployed using Trojan horse attacks, rootkits are becoming more common in trusted applications.

Some antivirus software can detect rootkits, however, they are difficult to clean from a system.

In most cases, it’s best to remove the rootkit and rebuild the compromised system.

How To Prevent Malware Attacks

While it’s not possible to be completely protected from cybercriminals, there are a number of measures companies can take to mitigate or prevent malware attacks, including:

  • Developing Security Policies
  • Implementing Security Awareness Training
  • Using App-Based Multi-Factor Authentication
  • Installing Anti-Malware & Spam Filters
  • Changing Default Operating System Policies
  • Performing Routine Vulnerability Assessments

Developing Security Policies

Security policies provide a road map for employees: what to do, when to do it, and who gets access to systems or information.

Policies are also required for compliance, regulations, or laws.

Examples of security policies that may help to prevent malware attacks include:

  • Social Engineering Awareness Policy – Defines guidelines to provide awareness around the threat of social engineering and defines procedures when dealing with social engineering threats.
  • Server Malware Protection Policy – The purpose of the Server Malware Protection Policy is to outline which server systems are required to have anti-virus and/or anti-spyware applications.
  • Software Installation Policy – The purpose of the Software Installation Policy is to outline the requirements around the installation of software on company computing devices, in order to minimize the risk of loss of program functionality, the exposure of sensitive information contained within the Company’s computing network, the risk of introducing malware, and the legal exposure of running unlicensed software.
  • Removable Media Policy – The purpose of the Removable Media Policy is to minimize the risk of loss or exposure of sensitive information maintained by the company and to reduce the risk of acquiring malware infections on computers operated by the company.

Implementing Security Awareness Training

Security awareness training is an investment into the overall security of your organization. This training can save a substantial amount of money that has the potential of getting lost to cyber attacks.

In addition, many compliance frameworks and audits (ISO 27001, SOC 2, CMMC, HIPAA, HITRUST, etc) require periodic security awareness training for employees.

Awareness training involves developing a baseline, training users, setting up phishing campaigns, and reporting results.

  • Baseline Testing – Provide baseline testing to assess the likelihood that a user falls for a phishing attack.
  • Training Users – interactive modules, videos, games, posters, and newsletters designed to educate users on the latest social engineering attacks. This training is often automated with scheduled email reminders.
  • Phishing Campaigns – Perform organization-wide, fully automated simulated phishing attacks.
  • Reporting Results – Stats and graphs for both training and phishing activities to demonstrate the ROI.

The ideal way to deliver security awareness training is to include it in the new-hire orientation security training module and make it a mandatory requirement before granting access to critical systems.

The training should be completed at least on an annual basis and train employees not only on identifying attacks, but also to respond appropriately and report to the incident response team for proactive action.

It is all about training employees to have a sense of what is considered unsafe behavior and know when to take action to protect themselves and the organization.

Using App-Based Multi-Factor Authentication

According to Microsoft, 99.9% of automated malware attacks against Windows systems can be prevented just by using multi-factor authentication (MFA).

Three 9s of prevention is an impressive figure, however, the keyword here is “automated.” As with all things in security, MFA is simply a single layer of defense.

Sophisticated threat actors deploy a number of methods outside of automated attacks to compromise a network.

It’s also worth mentioning that SMS-based MFA can easily be bypassed as the technology sends passcodes in plain text. This allows threat actors to capture the passcode, access your account, and then pass the code off to your phone without you noticing.

Instead, it’s recommended that you use an app-based MFA or hardware MFA such as a YubiKey.

Installing Anti-Malware & Spam Filters

Emails are the primary method for delivering malware and socially engineered attacks.

While employees do have anti-virus and anti-malware software installed on their workstations, adding them to your mail servers is recommended as part of a defense in depth approach.

Setting up a spam filter is a balancing act. On one hand, the network administrator wants to block all malicious traffic.

On the other hand, if the filters are too aggressive then legitimate traffic gets blocked and end-users start to complain.

After 2-3 weeks of use, a baseline for the network can be established and further adjustments are made.

Software tools like Mimecast provide spam filtering and anti-malware capabilities.

Users are given a “digest” of emails that have been sent to their account. Users can then choose to block, confirm, or always allow an individual email or an entire domain.

Changing Default Operating System Policies

While the default settings are reasonable security precautions, they can be greatly improved upon.

For example, Microsoft recommends changing the password history from 10 to 24 passwords and reducing the maximum password age from 90 days to 42 days.

It’s ultimately the responsibility of the network administrator to ensure that the domain, workstations, and devices are set up to adhere to security policies within the organization.

Performing Routine Vulnerability Assessments

Performing routine network vulnerability scans helps to identify known vulnerabilities, lack of security controls, and common misconfigurations.

Scanners like Nessus are used to scan ports, analyze protocols, and map a network.

This provides network administrators with detailed information about which hosts on a network are running what services.

Most scanners will display the information collected in a dashboard listing each vulnerability found and its severity.

In addition to providing the raw scan results, most vulnerability scanning services include an assessment report consisting of a remediation plan to resolve at-risk systems.

Organizations may also wish to implement a patch management program. The main purpose of patch management is to continuously identify, prioritize, remediate, and report on security vulnerabilities in systems.

Which of the following security threats is a piece of code that infects a system because an end user executed a program?

A virus is a program or piece of code that runs on your computer without your knowledge. It is designed to attach itself to other code and replicate itself. It replicates when an infected file is executed or launched. It then attaches to other files, adds its code to the application's code, and continues to spread.

What are the 3 types of malware attacks?

The most common types of malware attacks:

  1. Adware – Adware serves unwanted or malicious advertising. ...
  2. Fileless Malware ...
  3. Viruses ...
  4. Worms ...
  5. Trojans ...
  6. Bots ...
  7. Ransomware ...
  8. Spyware

What is virus worm and Trojan horse?

A virus is software or a computer program that attaches itself to another program in order to harm a computer system. Worms replicate themselves, which slows down the computer system. A Trojan horse, rather than replicating, captures important information about a computer system or network.

What are the 4 main types of malware?

7 common types of malware:

  1. Trojans – A Trojan (or Trojan Horse) disguises itself as legitimate software with the purpose of tricking you into executing malicious software on your computer.
  2. Spyware ...
  3. Adware ...
  4. Rootkits ...
  5. Ransomware ...
  6. Worms ...
  7. Keyloggers